Different digital signatures produced by different signing technologies


Problem description

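I have the following input:

  • A digest (sha1).
  • An X509 certificate, made with the makecert tool, so the public key algorithm is sha1WithRsa.
  • The certificate's private key, also made with the makecert tool.

I want to sign the digest using the rsa signature algorithm. I used the following signing technologies:

  • My own signer (which actually uses the Microsoft Strong Crypto Provider)
  • BouncyCastle
  • Openssl

Each of them generates and verifies the signature. But I get 3 different signatures as output. I tried many times. The signatures are not random; I receive 3 constant signatures. How can this be? Has anyone had this problem? Am I wrong about something?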

Update
Base64 values:

Hash:
XN9ADbe4NVnSscjRGvBnWe1bDaw=


Update
Files as bytes: http://download.files.namba.kg/files/5637461


Update
Code to sign the digest with BouncyCastle

    using System.IO;
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.Crypto.Digests;
    using Org.BouncyCastle.Crypto.Signers;
    using Org.BouncyCastle.OpenSsl;

    public void SignWithBouncyCastle()
    {
        byte[] digest = File.ReadAllBytes(@"d:\public\signatures\digest");
        byte[] signature = null;
        TextReader textReader = new StreamReader(@"e:\PresentCert\RootCATest2.pem"); // file with private key and public key
        PemReader pemReader = new PemReader(textReader);
        object obj = pemReader.ReadObject();
        AsymmetricCipherKeyPair ackp;
        ackp = (AsymmetricCipherKeyPair)obj;
        RsaDigestSigner signer = new RsaDigestSigner(new Sha1Digest());

        signer.Init(true, ackp.Private);
        // RsaDigestSigner runs SHA-1 over the bytes passed to BlockUpdate
        signer.BlockUpdate(digest, 0, digest.Length);
        signature = signer.GenerateSignature();

        signer.Init(false, ackp.Public);
        signer.BlockUpdate(digest, 0, digest.Length);
        bool r = signer.VerifySignature(signature);
        // r is true
        File.WriteAllBytes(@"d:\public\signatures\bouncycastle", signature);
    }

Then I validate the signature with openssl using the command:

openssl rsautl -verify -inkey e:\PresentCert\pubRootCATest2.pem -pubin -in d:\public\signatures\bouncycastle -out verified

And compare files

comp verified d:\public\signatures\bouncycastle

They are different.

Update
Corrected code

    public void SignMessageWithBouncyCastle()
    {
        //File.WriteAllBytes(@"c:\msg", Encoding.UTF8.GetBytes("the_secret_message"));
        byte[] msg = File.ReadAllBytes(@"c:\msg");
        byte[] signature = null;
        TextReader textReader = new StreamReader(@"e:\PresentCert\RootCATest2.pem"); // file with private key and public key
        PemReader pemReader = new PemReader(textReader);
        object obj = pemReader.ReadObject();
        AsymmetricCipherKeyPair ackp;
        ackp = (AsymmetricCipherKeyPair)obj;
        RsaDigestSigner signer = new RsaDigestSigner(new Sha1Digest());

        signer.Init(true, ackp.Private);
        signer.BlockUpdate(msg, 0, msg.Length);
        signature = signer.GenerateSignature();

        signer.Init(false, ackp.Public);
        signer.BlockUpdate(msg, 0, msg.Length);
        bool r = signer.VerifySignature(signature);
        // r is true
        File.WriteAllBytes(@"c:\bouncycastle", signature);
    }

And I used this openssl command this time:

openssl dgst -sha1 -verify c:\pubRootCATest2.pem -signature c:\bouncycastle c:\msg

And result was Verified OK!

Solution

You're using RSA PSS. There is more than one valid signature.
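
An added example, not part of the original question or answer: with PKCS#1 v1.5 signing (the default of RsaDigestSigner and of the openssl dgst and rsautl commands in the question), it shows that signing the message, feeding an already computed digest to a hashing signer, and raw-signing the digest each give a repeatable but different signature. The toy key built from two Mersenne primes, the sample message and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key from two Mersenne primes; for illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER header of DigestInfo for SHA-1 (RFC 8017, section 9.2)
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def _sign_block(payload: bytes) -> bytes:
    """PKCS#1 v1.5 type-1 padding (00 01 FF.. 00 payload), then RSA private op."""
    em = b"\x00\x01" + b"\xff" * (K - 3 - len(payload)) + b"\x00" + payload
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def sign_hashing(data: bytes) -> bytes:
    """Hash-then-sign API (RsaDigestSigner, openssl dgst -sign): SHA-1 is applied to data."""
    return _sign_block(SHA1_DIGESTINFO + hashlib.sha1(data).digest())

def sign_raw(data: bytes) -> bytes:
    """Raw signer (openssl rsautl -sign): pads data as-is, no hash, no DigestInfo."""
    return _sign_block(data)

def recover(sig: bytes) -> bytes:
    """What openssl rsautl -verify writes out: the payload under the padding."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    end = em.index(b"\x00", 2)
    if em[:2] != b"\x00\x01" or em[2:end] != b"\xff" * (end - 2) or end < 10:
        raise ValueError("bad PKCS#1 v1.5 padding")
    return em[end + 1:]

msg = b"the_secret_message"              # constructed sample input
digest = hashlib.sha1(msg).digest()

sig_msg = sign_hashing(msg)              # message given to a hashing signer
sig_rehashed = sign_hashing(digest)      # digest given to a hashing signer: SHA1(SHA1(msg))
sig_raw = sign_raw(digest)               # digest padded and signed directly

if __name__ == "__main__":
    rows = [("message", sig_msg), ("digest re-hashed", sig_rehashed), ("digest raw", sig_raw)]
    for name, s in rows:
        print(f"{name:17}", s[:8].hex(), "->", recover(s).hex())
```

The recovered column is the padded payload, not the signature, so a byte comparison of `rsautl -verify` output against the signature file always reports a difference. Only the first case verifies with `openssl dgst -sha1 -verify` against the message.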
